NOTE: For readers outside the US, ACH stands for Automated Clearing House, which is an electronic payment system we use to deposit and withdraw funds from bank accounts. Employers often use ACH to electronically deposit pay checks into employee bank accounts, and companies often use ACH to pay their vendors electronically. Consumers often use ACH to pay their bills--if you want to automatically pay your cable TV or cell phone bill, you send the merchant your bank account information, and they automatically withdraw the funds each month from your bank account. In the US, it's a modern form of "electronic" banking. But for the rest of the world, I suspect it's an archaic, horribly designed system that has zero security.

Update: On his blog post sharing this article, Mark Polino says that there are solutions, similar to Safe Pay / Positive Pay, that can be used to prevent ACH fraud. While that may theoretically be true with some banks, certain types of business bank accounts, some corporate treasury management solutions, and for some payment scenarios (such as outbound payroll), I was told that Bank of America Small Business bank accounts have no such services that could be used to prevent the type of ACH fraud that I experienced.I asked two different Bank of America employees (one call center rep and one at my branch with over 15 years of experience as a manager at BofA) if there is anything I can do to prevent this type of ACH fraud. They both clearly and definitively said that there is absolutely nothing I can do to prevent such random fraudulent ACH transactions. I asked if they could block all ACH withdrawals on my account. The branch manager said no--he said that there is no way to prevent an ACH withdrawal from hitting my account. The only way he could block withdrawals from my account was the close the account. He did mention that he does have the ability to block ACH withdrawals from a specific merchant ID, such as those that occur with a recurring monthly fee, like a gym membership. But with the ACH fraud I experienced, there were multiple merchant IDs, so that would not have helped me.Trust me, I asked multiple times and pointed out how incredibly absurd the situation was. The Bank of America employees simply shrugged and said that the only solution is to close the compromised account and open a new one. It was a surreal experience.

Update 2: Reviewing the Bank of America web site (since the employees were of no help), it appears that they have a "Full Analysis Business Checking" account offering that might have some relevant ACH fraud prevention features. If you maintain account balances of over $60,000, write more than 150 checks, and have more than 200 deposits a month (unclear if those transaction minimums are required), that type of account apparently offers "ACH blocks/authorizations", in addition to Positive Pay. Based on a review of this PDF form, it appears that ACH blocks / authorizations allows you to "whitelist" specific ACH company IDs for your trading partners, authorizing them specifically, as well as specifically blocking certain company IDs. The form also has an option to completely block all ACH transactions against a specific account, something I was told was impossible with my account type.These ACH features might work for situations where you have consistent ACH deposits or withdrawals with trading partners on a specific account, but I don't know if it would be manageable for a company that is receiving many one time ACH payments from customers, or ACH payments from from hundreds of customers. You would need to know the ACH company ID for every customer in advance of their ACH deposit--I don't even know how I would find my own ACH company ID if I were asked for it. Any ACH transaction (deposit and withdrawal) that is not specifically whitelisted is blocked.And it isn't clear if they have an option to manage the company IDs online, or if you have to fill out that form for every change.I currently have no need to park $60,000 in my business bank accounts, so such account features are presumably not available to me.Why can't banks allow me to approve each ACH transaction before it hits my account? Allow me to login to the online banking web site or mobile app, view a list of pending transactions, and approve or deny each one? This isn't rocket science. If the ACH platform cannot support such a workflow, the US banking system is truly the laughingstock of the modern world.

Update 3: I had to call the bank to get copies of the recent statements for my closed account, since I no longer have access to the account online. During the call, I asked this new rep if there were any options available to prevent the ACH fraud I experienced. He indicated that he is not aware of any features on my Small Business account that would have prevented the fraud, but he mentioned that the bank can place a "Fraud Hold" on an account. This is the first time I had heard of such an option, despite asking about it repeatedly previously. The Fraud Hold results in an account balance of -$888,888.88, which is an indicator to Bank of America folks that the account has been placed on hold. Unfortunately, this rep, and one more Small Business sales rep I spoke with during this call resulted in no additional information or potential services that could have helped me to prevent the ACH fraud. In fact, the sales rep had never heard of an actual case of ACH fraud, so I ended up educating him about the process, and he was shocked by the lack of resources and the process required to resolve the problem.I asked about the "Full Analysis Business Checking" account type, but neither rep had any knowlege of it, as it is apparently handled by a different Treasury Management group that cannot be called directly. I had to request that this secret department give me a call, as a potential sales prospect for their services. And the saga continues...

I think it's worthwhile to pause and take a moment to consider how difficult change can be. Actually acknowledge it.

Change can be uncomfortable, scary, and stressful. Change can be costly and arduous and tiring. Change can be inherently destructive.

It often feels much easier to ignore it, delay it, or pretend it isn't happening. But you can't always avoid change. Sometimes you have time to prepare for change, and sometimes you have no advance notice.

In the ERP world, consultants see the symptoms of change regularly when customers implement a new ERP system.

"My old system did X, why can't the new system do X?"

"I just don't have time to learn this new system. I have too much work to do!"

"I liked the old system better."

Turnabout is Fair Play

But occasionally, it seems that those pesky consultants get a taste of change.

Microsoft has changed quite a bit since it acquired Great Plains Software. Great Plains was rebranded as Dynamics GP, and the GP team at Microsoft put a lot of work into the product, adding new features and expanding its capabilities.

But over the last several years, Microsoft has invested heavily in its 'cloud computing' strategy, with Azure and Software as a Service (SaaS) offerings. As part of the cloud strategy, Microsoft has also invested heavily in ERP software as a service, hosted in Azure.

Dynamics AX has become Dynamics 365 Finance and Operations, and Dynamics NAV has now, finally, become Dynamics 365 Business Central. Dynamics GP is notably not on the Microsoft Azure ERP SaaS menu. It's our turn to change.